package org.example.erp.config;

import org.example.erp.web.handler.MyAuthenticationFailureHandler;
import org.example.erp.web.handler.MyAuthenticationSuccessHandler;
import org.example.erp.web.handler.MyLogoutSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
/*
 * @Date 2024-10-13
 * @Author 28254
 * @ClassName MyDevSecurityConfig
 * 开发环境下 不需要验证身份
*/

@Profile("!prod")
@Configuration
@EnableWebSecurity
public class MyDevSecurityConfig {
    // 登录认证成功处理
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;

    // 登出，注销处理
    private MyLogoutSuccessHandler myLogoutSuccessHandler;

    // 登录认证失败处理
    private MyAuthenticationFailureHandler myAuthenticationFailureHandler;

    @Autowired
    public void setMyAuthenticationSuccessHandler(MyAuthenticationSuccessHandler myAuthenticationSuccessHandler) {
        this.myAuthenticationSuccessHandler = myAuthenticationSuccessHandler;
    }
    @Autowired
    public void setMyAuthenticationFailureHandler(MyAuthenticationFailureHandler myAuthenticationFailureHandler) {
        this.myAuthenticationFailureHandler = myAuthenticationFailureHandler;
    }
    @Autowired
    public void setMyLogoutSuccessHandler(MyLogoutSuccessHandler myLogoutSuccessHandler) {
        this.myLogoutSuccessHandler = myLogoutSuccessHandler;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable() // 禁用CSRF保护，因为REST API通常是无状态的
                // 设置跨域问题
                .cors(cors->cors.configurationSource(request -> {
                    CorsConfiguration corsConfiguration = new CorsConfiguration();
                    corsConfiguration.addAllowedOrigin("*");
                    corsConfiguration.addAllowedHeader("*");
                    corsConfiguration.addAllowedMethod("*");
                    return corsConfiguration;
                }))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //使用无状态会话管理
                .and()
                // 登录处理
                .formLogin(form->{
                    form.loginProcessingUrl("/api/user/login"); //访问地址接口
                    form.successHandler(myAuthenticationSuccessHandler); // 登录成功认证处理
                    form.failureHandler(myAuthenticationFailureHandler); //登录失败认证处理
                })
                // 退出登录处理
                .logout(logout->{
                    logout.logoutUrl("/api/user/logout"); //设置注销接口地址
                    logout.logoutSuccessHandler(myLogoutSuccessHandler); //登出，注销处理
                    logout.permitAll(); //允许所有用户访问这个接口地址
                })
                // 资源请求处理
                .authorizeHttpRequests(authorize->{
                    authorize.requestMatchers("/api/user/login","/api/captcha").permitAll(); //匹配到这个两个请求资源，规则为不需要验证
                    authorize.anyRequest().permitAll();
                });
        return http.build();
    }
}
